moz_bug_r_a4 discovered that in certain cases, javascript: URLs
can be executed so that scripts can escape the JavaScript sandbox and run
with elevated privileges. This can lead to arbitrary code
execution.

For the stable distribution (squeeze), this problem has been fixed in
version 2.0.11-14.

For the unstable (sid) and testing (wheezy) distribution, this problem
will be fixed soon.